| Message ID | etwgucaj4hu7buvrvzgxkhxjtl526qd6fdyfmxzsdacphrg667@nrd35hese3t5 (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] drm/i915: Fixed NULL pointer dereference in capture_engine | expand |
Hi, On Mon, Nov 25, 2024 at 03:27:11PM +0000, Eugene Kobyak wrote: > When the intel_context structure contains NULL, > it raises a NULL pointer dereference error in drm_info(). > > Fixes: e8a3319c31a1 ("drm/i915: Allow error capture without a request") > Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12309 > > Signed-off-by: Eugene Kobyak <eugene.kobyak@intel.com> > --- > drivers/gpu/drm/i915/i915_gpu_error.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c > index 135ded17334e..1c614c74c2cf 100644 > --- a/drivers/gpu/drm/i915/i915_gpu_error.c > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c > @@ -1643,9 +1643,16 @@ capture_engine(struct intel_engine_cs *engine, > return NULL; > > intel_engine_get_hung_entity(engine, &ce, &rq); > - if (rq && !i915_request_started(rq)) > - drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n", > - engine->name, rq->fence.context, rq->fence.seqno, ce->guc_id.id); > + if (rq && !i915_request_started(rq)) { > + char guc_id[9]; > + if (ce) > + scnprintf(guc_id, sizeof(guc_id), "[0x%04X]", ce->guc_id.id); > + else > + scnprintf(guc_id, sizeof(guc_id), " "); > + > + drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld%s not yet started\n", > + engine->name, rq->fence.context, rq->fence.seqno, guc_id); > + } I've discussed offline with Eugene this scenario and we tested the cases when ce is NULL. I'm looking forward to your v4. Thanks, Andi
On Mon, 25 Nov 2024, Eugene Kobyak <eugene.kobyak@intel.com> wrote: > When the intel_context structure contains NULL, > it raises a NULL pointer dereference error in drm_info(). > > Fixes: e8a3319c31a1 ("drm/i915: Allow error capture without a request") > Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12309 > Superfluous newline in the middle of commit trailers. Please use the imperative mood in the subject, i.e. s/Fixed/Fix/. BR, Jani. > Signed-off-by: Eugene Kobyak <eugene.kobyak@intel.com> > --- > drivers/gpu/drm/i915/i915_gpu_error.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c > index 135ded17334e..1c614c74c2cf 100644 > --- a/drivers/gpu/drm/i915/i915_gpu_error.c > +++ b/drivers/gpu/drm/i915/i915_gpu_error.c > @@ -1643,9 +1643,16 @@ capture_engine(struct intel_engine_cs *engine, > return NULL; > > intel_engine_get_hung_entity(engine, &ce, &rq); > - if (rq && !i915_request_started(rq)) > - drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n", > - engine->name, rq->fence.context, rq->fence.seqno, ce->guc_id.id); > + if (rq && !i915_request_started(rq)) { > + char guc_id[9]; > + if (ce) > + scnprintf(guc_id, sizeof(guc_id), "[0x%04X]", ce->guc_id.id); > + else > + scnprintf(guc_id, sizeof(guc_id), " "); > + > + drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld%s not yet started\n", > + engine->name, rq->fence.context, rq->fence.seqno, guc_id); > + } > > if (rq) { > capture = intel_engine_coredump_add_request(ee, rq, ATOMIC_MAYFAIL);
diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 135ded17334e..1c614c74c2cf 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1643,9 +1643,16 @@ capture_engine(struct intel_engine_cs *engine, return NULL; intel_engine_get_hung_entity(engine, &ce, &rq); - if (rq && !i915_request_started(rq)) - drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n", - engine->name, rq->fence.context, rq->fence.seqno, ce->guc_id.id); + if (rq && !i915_request_started(rq)) { + char guc_id[9]; + if (ce) + scnprintf(guc_id, sizeof(guc_id), "[0x%04X]", ce->guc_id.id); + else + scnprintf(guc_id, sizeof(guc_id), " "); + + drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld%s not yet started\n", + engine->name, rq->fence.context, rq->fence.seqno, guc_id); + } if (rq) { capture = intel_engine_coredump_add_request(ee, rq, ATOMIC_MAYFAIL);
When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info(). Fixes: e8a3319c31a1 ("drm/i915: Allow error capture without a request") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12309 Signed-off-by: Eugene Kobyak <eugene.kobyak@intel.com> --- drivers/gpu/drm/i915/i915_gpu_error.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-)